CVE-2009-3033
Symantec Altiris Deployment Solution - Memory Corruption
Title source: ruleDescription
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16528
metasploit
WORKING POC
NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb
References (7)
Scores
EPSS
0.7254
EPSS Percentile
98.8%
Details
CWE
CWE-119
Status
published
Products (7)
symantec/altiris_deployment_solution
6.9 (4 CPE variants)
symantec/altiris_deployment_solution
6.9.164
symantec/altiris_deployment_solution
6.9.176
symantec/altiris_deployment_solution
6.9.355 (2 CPE variants)
symantec/altiris_management_platform
7.0 (2 CPE variants)
symantec/altiris_notification_server
6.0 (5 CPE variants)
symantec/altiris_notification_server
6.0_sp3
Published
Nov 25, 2009
Tracked Since
Feb 18, 2026